
Xero
enVisual360 is a wealth management/CRM software solution that helps small to large enterprises monitor client and entity information. enVisual can be implemented as a cloud application or on-premise application. enVisual includes...Read more
Know Your Customer is a compliance management solution that helps financial institutions streamline KYC or KYB compliance and anti-money laundering (AML) processes. It allows managers to streamline client onboarding operations, cr...Read more
ArchTitan is a cloud-based email archiving solution designed to help businesses archive and retrieve emails from a centralized location. Key features include instant data encryption, retrievable archiving, data processing, automat...Read more
Enterprise Process Center, by Interfacing Technologies, is a business process management (BPM) suite that provides businesses several digitization and management programs within a single platform. The solution can be deployed eith...Read more
ManageEngine EventLog Analyzer is an on-premise log management solution designed for businesses of all sizes across various industries such as information technology, health, retail, finance, education and more. The solution prov...Read more
Nintex is a workflow management solution that caters to a variety of industries including energy, health and life sciences, financial services and government. It is suitable for departments such as customer services, human resourc...Read more
3E Protect is a health and safety management solution that helps businesses across healthcare, pharmaceutical, petrochemical and other industries manage associated safety data sheets (SDS) to reduce incidents across departments. T...Read more
Third-Party Manager is a compliance management solution that helps organizations onboard and monitor external business relationships from within a unified platform. It enables staff members to utilize artificial intelligence (AI) ...Read more
Nlyte Data Center Infrastructure Management (DCIM) is designed to help businesses plan, manage and automate the entire infrastructure lifecycle including data centers and hybrid-cloud resources. It enables administrators to foreca...Read more
At Equally AI, we are on a mission to provide people with disabilities with the best personalized web experience while providing businesses with an automated web accessibility solution that can make any website ADA & WCAG complian...Read more
Optial SmartStart is a cloud-based governance, risk and compliance (GRC) solution. It serves businesses of all sizes in industries such as banking, insurance, manufacturing and retail. Primary features include compliance managemen...Read more
SAP Litmos is a cloud-based continuous learning platform that unifies learning management, the extended enterprise, prepackaged content and a content management system to meet organizations’ training needs. SAP Litmos is SSAE 16...Read more
Compliance management software is a program used to continually track, monitor, and audit whether business processes are aligned with applicable laws, organizational policies, and the standards of consumers and business partners.
Of course, a corporate compliance program goes far beyond software, and businesses in certain industries may not even need software to manage compliance requirements. However, large businesses and organizations in sensitive industries (pharmaceutical manufacturing, financial services etc.) generally benefit from an approach to compliance issues that’s partially automated by software.
Compliance management functionality can be found in various types of software. We’ll help you understand your options, so you can make the right choice for your specific business model and industry.
Here’s what we’ll cover:
Which Types of Software Help With Compliance Management?
What Is the Core Functionality of Compliance Software?
Key Considerations for Buyers
There are essentially three kinds of compliance management software (also known as corporate compliance and oversight tools) on the market:
All-purpose compliance management platforms offer generic capabilities for compliance management across industries. Sample vendors include CMO Compliance and Navex.
Industry-specific tools help businesses in heavily regulated industries (health care, industrial manufacturing, financial services etc.) meet specific legislative and commercial requirements.
GRC platforms include generic compliance management features alongside a broader set of capabilities for risk management and corporate governance (for instance, IT risk management, business continuity planning, and legal management). Sample vendors include Enablon.
In this buyer’s guide, we’ll focus on all-purpose compliance management platforms as well as GRC platforms. Industry-specific tools are so niche in functionality that your specific business model will significantly whittle down your shortlist of vendors.
Compliance software covers a huge range of business processes, regulations and industry needs. It’s no surprise that platforms are highly diverse in their functionality.
Compliance doesn’t stop at industry regulations and standards (OSHA, ISO etc.). Corporate ethics policies, acceptable use policies, and even business partner policies can all pose compliance issues. For instance, Wal-Mart suppliers have to meet a number of stringent standards that suppliers of many other major retailers don’t have to bother with.
Let’s therefore zoom in on the most important components of a compliance management system:
Policy management and compliance registry | Policy authoring and approval workflows, version control, etc. Policies are documented in a global registry that maps applicable regulations to policies. |
Controls monitoring | Workflow engine enables business units to attest compliance with policies and regulations. Controls are documented in a centralized catalog, and standardized workflows allow for a controlled incident escalation process. |
Compliance reporting | Enables visibility into violations and noncompliant facilities at various levels of aggregation via dashboards and scheduled reports. Some solutions also support continuous monitoring of KPIs related to sensitive business processes for compliance issues. |
Audit management | Systematic workflows, case management and reporting features for investigating and resolving compliance issues. Some solutions also support real-time field reporting for audits. |
Regulatory intelligence and change management | Tracks RSS and XML feeds of regulatory information and alerts published by standards bodies and government organizations. Feeds can then be mapped to existing policies. Some providers also have legal teams that compile knowledge bases of international regulations. |
E-learning for compliance training | Generic and customizable online courses for training employees on how to comply with policies. |
Survey tools | Survey modules allow organizations to distribute self-assessments to employees. |
Conflicts management | Tools for monitoring potential conflicts of interest (employee gifts, employee trading etc.) |
Fraud management | Risk management features allow for detection of patterns indicating fraudulent activity in financial statements, vendor payments etc. Controls can also be tested for efficacy in preventing fraud, and “whistleblower” hotlines and web forms allow employees to act as a front line of defense. |
Multilingual interfaces | Interfaces are available for employees who don’t speak English. |
Aside from these specific features, the advisory firm Gartner notes in their “Market Guide for Corporate Compliance and Oversight Solutions” that one of the most important functions of compliance software is aggregation: “The huge number of global legal, regulatory and administrative requirements and the variety of standards, guidelines and frameworks require compliance managers to merge and normalize mapping of requirements to controls and other compliance activities.” (The full report is available to Gartner clients.)
This is obviously a daunting policy management challenge that compliance software partially addresses through automation.
Which Compliance Areas Do All-Purpose Solutions Cover?
In addition to basic requirements, such as employee codes of conduct, GRC platforms and all-purpose compliance management, software solutions typically cover the following compliance areas:
Financial/accounting regulations
Industry-specific standards bodies and regulatory agencies
Regulatory feeds
Many providers offer out-of-the-box support for dozens of other standards, but if your organization operates in a heavily regulated industry, the first step in your search should be evaluating industry-specific solutions.
We’ve seen that the landscape of compliance management vendors remains highly fragmented due to the diverse nature of compliance requirements. Keeping the following considerations in mind will help you evaluate vendors to build an effective shortlist: